Protect yourself from the risks of steganography

Detecting steganography
Public steganography detection tools are few and far between. Nonetheless, the tools that are out there can help the consultant analyse content for hidden information. For JPEGs, there is a program for both Linux and Windows called Stegdetect, which works from the command line. You can use Stegdetect to look for certain steg programs such as jsteg, outguess, and others.

A different method of detecting embedded files is to run a histogram on the file and examine the pattern. For example, when you run a histogram on a picture, there should be random spikes here and there. If the histogram is very flat or has one large spike, then it's likely something has been hidden inside it.

A second idea is to run a hash against the source file. DigestIT 2004 is a Windows application that generates an MD5 hash from within Explorer. When an unaltered file and the file with the hidden information no longer match, then the hash numbers will be different. However, you have to be careful with this technique since saving the picture can result in a new hash. Thus, anytime the picture is loaded and resaved, there is a high chance you will also lose the encrypted file.

For example, insert a data file into an image file and then resave it in a picture editor. When an editor resaves the image file, the application will be applying a different level of compression to the picture than when it was first created. Unfortunately, it takes only one resave to change the compression and blow away the hidden secret in the image.

Helping out the client
Many users are becoming more aware of personal security and are embedding personal records by using steganography. As a result, companies need to write better policies about the use of unauthorised encryption in the workplace. Consultants need to be aware of the levels of impact steganography has on their clients in order to help them develop these policies.